Wednesday, February 16. 2005

After the News about the SHA1 hash-function definitely being broken (see this article from Bruce Schneier for details), I was looking around how to use the alternatives SHA256/SHA512.
While for example GnuPG supports SHA256 out of the box, it's a problem in a lot of situations.

Command line
While the GNU Coreutils have md5sum/sha1sum for the broken, insecure algorithms, they contain no similar tools for SHA256. The hashsum package provides some tools equivalent to the usual md5sum/sha1sum tools.
Another Option is shash, which provides a wide variety of hashing-algorithms, but it's not syntax-compatible to the GNU tools.

Programming library
The above mentioned shash is based on the mhash-library, which supports a wide variety of hashing algorithms.

PHP
While PHP has md5/sha1-functions built-in, there are no such functions for sha256. But it's possible to use the mhash-library if PHP was configured with --with-mhash.
For Gentoo-Users: USE="mhash"
Then you can use mhash(MHASH_SHA256,$s) to get binary hashes. To get hexadecimal encoded hashes (like the md5/sha1-functions do), use bin2hex(mhash(MHASH_SHA256,$s)).